Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

The BlackCat Ransomware on a rampage?

The BlackCat Ransomware, which was first seen in November 2021, has since emerged as one of the most active ransomware groups.

The group looks for active vulnerabilities within organisations and particularly favours unpatched Microsoft Exchange servers. The group gained access through this vulnerability and deployed Rust-based ransomware.

According to the cyber security analyst ANOZR WAY, the BlackCat group is the 3rd most active ransomware group, behind LockBit 2.0 and Conti. It recently targeted the University of Pisa, holding the University to ransom for an alleged $4.5 million.

Keeping a regular patching schedule in place, so that every security update is applied, is the best defence against this style of attack. It is also worth ensuring you have a sound backup strategy that is regularly checked and validated.

Other measures that help secure your organisation against ransomware include MFA (multifactor authentication) and good endpoint protection. Services that offer sandboxing technology can assess files arriving by email and determine whether they are malicious.

NSA & FBI warn hackers are breaching routers to steal passwords

A new report from the NSA, CISA and the FBI claims that attackers are exploiting the routers and NAS (Network Attached Storage) devices of public and private sector organisations.

Attackers are using known vulnerabilities that have not been patched to gain access to these devices and exploit the information they hold. “Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices”, the report states.

It is always important to maintain an up-to-date asset list covering all devices, including IoT (Internet of Things) devices, so that maintenance, including patch management, is applied across the whole digital landscape.

Unpatched Microsoft vulnerability “DogWalk” arises

Whilst most think of walking their dog, hackers have begun exploiting a new unpatched vulnerability.

The DogWalk vulnerability, like the recently discovered Follina vulnerability, uses an exploit within the Microsoft Diagnostic tool. Whilst unofficial patches have been developed, it is highly suggested you do not apply these, as the source cannot be validated. Adopting an unofficial security patch could result in further exploitation and issues.

Microsoft has yet to release an official patch for either the DogWalk or the Follina vulnerability. It is important to ensure all staff are trained to spot phishing emails and do not open any unknown documents.

It is also a good idea to check with your email filtering provider to see if sandbox technology is in place to protect your company.

“Mimecast provides a comprehensive layered security approach by leveraging internally developed services in combination with third-party partners throughout our stack. This includes heuristic-based, machine learning, and human analysis practices.”

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.